diff --git a/UnitTest1/unittest1.cpp b/UnitTest1/unittest1.cpp
index 00d0044d68cc9ad71f157cbdd3f97a0dd0278ef8..8dc463c628fc4b78fa4ef71e1332db11471b2459 100644
--- a/UnitTest1/unittest1.cpp
+++ b/UnitTest1/unittest1.cpp
@@ -26,16 +26,16 @@
 using namespace Microsoft::VisualStudio::CppUnitTestFramework;
 
 namespace UnitTest1
-{		
+{
 	TEST_CLASS(UnitTest1)
 	{
 	public:
-		TEST_METHOD(test_picohash)
-		{
+		    TEST_METHOD(test_picohash)
+		    {
             int ret = picohash_test();
 
-            Assert::AreEqual(ret, 0); 
-		}
+            Assert::AreEqual(ret, 0);
+		    }
 
         TEST_METHOD(test_cnxcreation)
         {
@@ -462,7 +462,7 @@ namespace UnitTest1
             int ret = set_verify_certificate_callback_test();
 
             Assert::AreEqual(ret, 0);
-	}
+        }
 
         TEST_METHOD(test_request_client_authentication)
         {
@@ -498,5 +498,12 @@ namespace UnitTest1
 
             Assert::AreEqual(ret, 0);
         }
-    };
+
+        TEST_METHOD(test_bad_client_certificate)
+        {
+            int ret = bad_client_certificate_test();
+
+            Assert::AreEqual(ret, 0);
+        }
+  };
 }
diff --git a/picoquic_t/picoquic_t.c b/picoquic_t/picoquic_t.c
index 7bc09f03734e7ef469bd81397c01e6e78d4361fc..63866efb7bdd5c870bc2bb1de0930fe9720ee1a2 100644
--- a/picoquic_t/picoquic_t.c
+++ b/picoquic_t/picoquic_t.c
@@ -100,7 +100,8 @@ static const picoquic_test_def_t test_table[] = {
     { "different_params", tls_different_params_test },
     { "wrong_tls_version", wrong_tls_version_test },
     { "set_certificate_and_key", set_certificate_and_key_test },
-    { "request_client_authentication", request_client_authentication_test }
+    { "request_client_authentication", request_client_authentication_test },
+    { "bad_client_certificate", bad_client_certificate_test }
 };
 
 static size_t const nb_tests = sizeof(test_table) / sizeof(picoquic_test_def_t);
diff --git a/picoquictest/picoquictest.h b/picoquictest/picoquictest.h
index 0b561aa629ed3a66aa992d88a35e2ef49227871f..e6c2b1c0a6a1490ef5a7d8f2019165481575d11d 100644
--- a/picoquictest/picoquictest.h
+++ b/picoquictest/picoquictest.h
@@ -95,6 +95,7 @@ int wrong_tls_version_test();
 int set_certificate_and_key_test();
 int transport_param_stream_id_test();
 int request_client_authentication_test();
+int bad_client_certificate_test();
 
 #ifdef __cplusplus
 }
diff --git a/picoquictest/tls_api_test.c b/picoquictest/tls_api_test.c
index af6f9fe012ac426abe31f735a7f622807ce3eb0f..15bc3aedec749ac623b87ffac9c2deaed081ce5c 100644
--- a/picoquictest/tls_api_test.c
+++ b/picoquictest/tls_api_test.c
@@ -2423,8 +2423,10 @@ int bad_certificate_test()
         else if (test_ctx->cnx_client->cnx_state != picoquic_state_disconnected) {
             ret = -1;
         }
-        else if (
-            test_ctx->cnx_client->local_error != PICOQUIC_TLS_HANDSHAKE_FAILED) {
+        else if (picoquic_get_local_error(test_ctx->cnx_client) != PICOQUIC_TLS_HANDSHAKE_FAILED) {
+            ret = -1;
+        }
+        else if (picoquic_get_remote_error(test_ctx->cnx_server) != PICOQUIC_TLS_HANDSHAKE_FAILED) {
             ret = -1;
         }
         else {
@@ -2770,3 +2772,83 @@ int request_client_authentication_test()
 
     return ret;
 }
+
+int bad_client_certificate_test()
+{
+    uint64_t simulated_time = 0;
+    uint64_t loss_mask = 0;
+    picoquic_test_tls_api_ctx_t* test_ctx = NULL;
+    int ret = tls_api_init_ctx(&test_ctx, 0, "test-sni", "test-alpn", &simulated_time, NULL, 0, 0);
+
+    /* Delete the client context, and recreate with a certificate */
+    if (ret == 0)
+    {
+        if (test_ctx->qclient != NULL) {
+            picoquic_free(test_ctx->qclient);
+            test_ctx->cnx_client = NULL;
+        }
+
+        test_ctx->qclient = picoquic_create(8,
+#ifdef _WINDOWS
+#ifdef _WINDOWS64
+            "..\\..\\certs\\badcert.pem", "..\\..\\certs\\key.pem",
+#else
+            "..\\certs\\badcert.pem", "..\\certs\\key.pem",
+#endif
+#else
+            "certs/badcert.pem", "certs/key.pem",
+#endif
+            NULL, test_api_callback, (void*)&test_ctx->client_callback, NULL, NULL, NULL,
+            simulated_time, &simulated_time, NULL, NULL, 0);
+
+        if (test_ctx->qclient == NULL) {
+            ret = -1;
+        }
+    }
+
+    /* recreate the client connection */
+    if (ret == 0) {
+        test_ctx->cnx_client = picoquic_create_cnx(test_ctx->qclient, picoquic_null_connection_id,
+                                                   picoquic_null_connection_id,
+                                                   (struct sockaddr*)&test_ctx->server_addr, 0,
+                                                   0, "test-sni", "test-alpn", 1);
+
+        if (test_ctx->cnx_client == NULL) {
+            ret = -1;
+        } else {
+            ret = picoquic_start_client_cnx(test_ctx->cnx_client);
+        }
+    }
+
+    if (ret == 0) {
+        picoquic_set_client_authentication(test_ctx->qserver, 1);
+    }
+
+    /* Proceed with the connection loop. It should fail */
+    if (ret == 0) {
+        ret = tls_api_connection_loop(test_ctx, &loss_mask, 0, &simulated_time);
+
+        if (test_ctx->cnx_client == NULL) {
+            ret = -1;
+        }
+        else if (test_ctx->cnx_client->cnx_state != picoquic_state_disconnected) {
+            ret = -1;
+        }
+        else if (picoquic_get_local_error(test_ctx->cnx_server) != PICOQUIC_TLS_HANDSHAKE_FAILED) {
+            ret = -1;
+        }
+        else if (picoquic_get_remote_error(test_ctx->cnx_client) != PICOQUIC_TLS_HANDSHAKE_FAILED) {
+            ret = -1;
+        }
+        else {
+            ret = 0;
+        }
+    }
+
+    if (test_ctx != NULL) {
+        tls_api_delete_ctx(test_ctx);
+        test_ctx = NULL;
+    }
+
+    return ret;
+}